sapran/appsec_awareness_training_day2.md

Last active March 27, 2018 17:43

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/sapran/be2b5223518cf1e3620f4a4b2e6dddfd.js"></script>
Save sapran/be2b5223518cf1e3620f4a4b2e6dddfd to your computer and use it in GitHub Desktop.

Download ZIP

Notes to Application Security awareness training in line with OWASP SAMM initial development team education effort according to Education and Guidance practice.

Raw

appsec_awareness_training_day2.md

Review OWASP Top 10 appsec risks

Security Maxims overview

https://www.techrepublic.com/blog/it-security/it-security-maxims-for-the-ages/

Security Engineering principles overview.

Least Privilege
Fail-Safe Defaults
Economy of Mechanism
Complete Mediation
Open Design
Separation of Privilege
Least Common Mechanism
Psychological Acceptability
Defense in Depth
Secure Weakest Link First

Ross Anderson's Security Engineering book

https://www.cl.cam.ac.uk/~rja14/book.html

Garry McGraws' 10 software security principles

http://www.zdnet.com/article/gary-mcgraw-10-steps-to-secure-software/

Walk through the flagship OWASP projects

ASVS: https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project
Testing Guide: https://www.owasp.org/index.php/OWASP_Testing_Project
ZAP: https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
SonarQube: https://www.sonarqube.org

Practice (preparation for day 3): demonstrate the workflow of security penetration testing – discover, verify, and remediate a vulnerability.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment